I was looking at some alternate themes for my blog and downloaded a few nice ones to try. At the bottom of the test page was a URL in Russian. When I went to footer.php, I found a line that looked like this: eval(gzinflate(base64_decode(“fVHRSsMwFH1W8B+…”)));
This sort of encoding is a little scary to see, especially with a Russian URL. The problem is that the PHP script could be attempting to inject malware into each visitor’s computer when they visit the blog. I found a very nice online decoder at: http://www.tareeinternet.com/scripts/decrypt.php. Upon decoding, I found that the authors were only trying to discourage people from removing them from the credit portion for the page design.
I stuck with the current look of the Blog.